Cookies are small text files held on your computer. They allow us to give you the best browsing experience possible and mean we can understand
how you use our site. Some cookies may have already been set. You can delete and block cookies but parts of our site won't work without them.
more cookie details

Origo Blog

Email security – ‘the biggest challenge in online services in the years to come’

Posted by Victoria Green on Tuesday 23 December 2014 at 15:33

The recent hacking of Sony Pictures Entertainment and the hacking of South Korea’s nuclear plant operator are two very high profile examples of the new threat that industries and businesses are subject to in the Internet age.

The World Wide Web / Internet was just 25 years old in 2014 yet for most businesses it is vital to their operation. This is particularly so for the financial services world.

Think about everything you do online that just a few short years ago would have been paper based. Writing letters and sending documents is one basic task that has been changed forever. Around the world, customers and financial services providers exchange letters and documents containing data and information, often of a personal and confidential nature, probably every second of the day.

Whereas we used to trust the postal services to deliver those letters and documents safely and securely for us, nowadays more often than not we will send them via email. And we do that because it is fast, cheap and convenient; which is great for business.

The problem is that it is also great for hackers and criminals, who know full well that they can access people’s computers and emails so easily that unless protected the data we send is pretty much an open book.

One UK based ISP recently wrote to its customers admitting that security had “become a big issue in 2014” requiring it to introduce “triple-level virus engines” to its mail system “stopping thousands of infected files per day”. Security it went on to say is “something we see as the biggest challenge in online services in the years to come”.

There are now emails circulating that offer to hack any email system for as little as $350.

Criminals have quickly cottoned on to the opportunities that putting malware etc on our computers provides and now most companies have robust systems, procedures and processes in place to try to prevent malicious attacks from outside the company. The problem with emails, however, is that on their journey from sender to recipient they can sit on several servers, over which neither party has any control.

Worryingly, in a recent survey conducted for Origo across a range of financial services organisations, while 8 out of 10 large companies said they exchanged sensitive data on a daily basis, over one third (35%) stated that they never secure emails prior to sending internally or outside their business. This equates to some 44% of sensitive emails being sent unprotected and illustrates the vulnerability of email usage within financial services.

Sending an email that has no protection is like sending a postcard through the post – no company would contemplate sending confidential email in that way yet they do the digital equivalent every day. Any hacker who wants to read an unsecured email can do so with relative ease.

For financial services companies, the risk of customers’ personal details being accessed and leaked online or used for criminal purposes is a reputational hit they cannot afford to take. That’s not taking into account any penalties imposed for breaching laws and regulation. Such fines can be significant.

The best way to protect emails is to install an enterprise wide system that uses military strength encryption that ensures only the sender and the designated recipient can read the contents.

Unipass Securemail is powered by Trend Micro, one of the largest global Internet security companies, and has been developed to provide a turnkey solution for companies, delivering military-strength NIST (National Institute of Standards and Technology) encryption security.

Currently Unipass Securemail is trusted and used by over 65,000 registered users and its user base is growing rapidly. The service is flexible and scalable, meaning it can be used by organisations both large and small. It has already been adopted by some of the leading financial organisations in the UK financial market, including Royal London.

There appears to be a general misconception that auto enrolment is all about pensions. It’s an understandable assumption. Certainly, for the end consumer, the introduction of auto enrolment is about saving money on a regular basis, maybe for the first time in their lives, giving them a pension pot to draw on in their retirement. But behind the scenes there is so much that has to happen to make auto enrolment a success. For SME employers there is a raft of legislation and compliance to get to grips with, while the pensions industry, of course, has to put in place the systems and the processes, efficiently, compliantly and cost effectively, to ensure the process of auto enrolment runs smoothly for everyone involved.

Auto enrolment is one of those ‘once in a generation’ pieces of legislation that brings sweeping change to a market. The early stages of auto enrolment have been a big success story, but we are still in the rollout period and with several years of staging still to come. As the volumes increase and the movement of members from scheme to scheme starts to pick up, there is still the potential for bottlenecks to occur and for member outcomes to potentially suffer as a result.

The Government’s ‘Pot Follows Member’ system, will help ensure people do not end up with a number of small pension pots at retirement as they inevitably move jobs and employers through their working lives. This will see the number of pensions transfers increase rapidly over the next few years, and occupational pension schemes and administrators will need a robust, efficient, cost effective, built-for purpose means of transferring data between providers in order to deal with this movement and, importantly, to best support the wide variety of members with different needs from various employment types. That is something that must not be forgotten or overlooked along the way; the member must always be at the heart of the process.

To date, many trust-based pension transfer processes still operate on a paper-based system. This is costly and can result in delays of weeks or months in members receiving their first pension income payment, from an annuity or other retirement income plan. Clearly, that is unsustainable in an auto enrolment world, as the word auto implies.

It is also unnecessary, as our Options system was purpose built to speed up the transfer process between providers in the contract pensions space and, in particular, to improve the Open Market Option (OMO) experience for consumers. Options, established in 2008, has successfully reduced the time taken for transfers to be completed from over 50 days to just a handful of days, with some now completed in just 45 minutes. Options has now been developed to meet the needs of occupational pension schemes and administrators, and help improve the experience for the trust-based scheme member, while significantly reducing costs for schemes and administrators.

In the auto enrolment world, the ability to handle capacity is going to be key as the number of small pots needing transferred will grow exponentially. Our Options service again can support organisations here. Service capacity is not an issue; the service currently handles over 40,000 transfers, safely and successfully, every month, 25% of which are small pot transfers of less than £10,000, and has managed £40bn of pension transfers since launch. Despite these large volumes, the service is currently running at only a fraction of its overall capacity, and so has plenty of scope for the wave of transfers to come.

Auto enrolment is not just about pensions, it’s about automation and introducing robust, efficient processes to address the needs of each individual member. Helping to ensure ‘at retirement’ readiness and enabling people to make the most of their pot, or pots, so that when the time comes they can maintain the lifestyle they want with their well-earned retirement funds. So it keeps the member at the heart of the process.

A new NAPF survey, published in February 2014, found '81% of respondents - both pension schemes and business members who are providing services to those schemes - said that the volume of change expected by the sector in the next 12 months could really start to get in the way of their ability to provide a good level of service to scheme members.' This feeling of uncertainty and identified need for an improved service to members was echoed by all who attended and spoke at the recent Origo ‘Pension Transfers and Pot-Follows-Member’ Insight Seminar.

On Tuesday, 11th February 2014, Origo’s seminar brought together some of the industry’s most influential names and faces and included key speakers from Legal & General, IRESS, Standard Life and LV=. A range of topics were discussed from ‘Pot-Follows-Member – pipedream or reality?’ to ‘A view from a Mastertrust’. The transfer of pensions was the focus for the day and it was that topic which got attendees all fired up. Paul McBride, Head of Governance, Legal & General made a compelling statement ‘regardless of whether pot does, or doesn’t, follow member, improving the service to members must be high on the agenda for organisations’. So regardless of what might or might not happen, organisations should be taking what steps they can to ensure an improved member experience is achieved. He went on to say that an automated transfer solution such as Options can be an essential part of this improved service for occupational schemes and their administrators; as it has already helped so many organisations in the DC pensions market.

Many other good points and issues were also raised on the day by attendees as well as speakers. The Origo Common Declarations did raise a few questions, with a feeling in the room of ‘is it really that easy?’. As Nick Green (speaker) explained, yes it is and it is very much a working solution. Developed by cross-industry agreement Common Declarations is a set of wording which is used by receiving schemes which removes the need for discharge forms and simplifies the whole process saving significant times and costs which are normally dedicated to that stage. This takes weeks off the application process and improves service to the member while removing paperwork.

The Common Declarations are just one part of the Options offering which make it easier for organisations to do business with each other, while making it a simpler, quicker process for the member. A real testament to just how popular the service is what we like to call ‘all the fours’. There are over 40 providers already using the service (60 brands in total). With over 40,000 transfers completed successfully, and securely, on average monthly, and this number is still growing. Finally, a grand (and whopping!) total of over £40Bn has been transferred via Options since it was originally established back in 2008.

There was a shared recognition that by introducing a reliable and established automated transfer service, you could not only continue to improve service to members but you'll also have complete control over the transfers, with a full electronic audit trail. Making it easier, faster and safer for all parties, especially the member.

Wednesday, 23rd October, 8.30am, Exhibitors stands all set up, teas and coffees are being poured and delegates start to arrive for one of the main platform events of the year the Platforum Annual Conference - #Platforum7.

This year it was about one thing and one thing only - the customer. It was so central to the day that even the term ‘customer’ was being debated should it be clients? Consumers? Etc,. Of course, the inevitable topics of margins, profitability, sustainability and ‘clean’, ‘super clean’ and ‘super, super clean!’ share classes came up but primarily it was all about engaging and sustaining successful relationships with the people who are destined to put their funds and trust in your organisation.

With key speakers from Aegon and Hargreaves Lansdown and verbal tweets (140 seconds, one topic, no pressure! Go!) from the likes of Nucleus, Chairman, Paul Bradshaw, there was plenty going on and a full range of opinions and insights. A Facebook engagement session demonstrated how we can use to technology to really ‘know our customers’ - although not everyone’s choice method of engaging with customers, the depth of data available and how you can use that data was nonetheless powerful.

There was repeated talk that the walls between organisations and customers need to be broken down. Customers need to be engaged in investing and while Auto Enrolment will help, it is uncertain if it will solve the issue. There was an overall agreement that through using smart technology, (smart phones, tablets etc) it will be easier for people to manage their monies enabling them to actively engage in their investments, making it a pleasurable experience not a negative one.

It’s apparent that industry intent is for customer/client engagement to increase through product and service transparency and making easier for customers/clients to move monies giving them more control and increased flexibility.

With this industry motivation to change the customers attitude to saving and investing it is only right that transfers are discussed as well, after all that is how the money will be moved. When you take everything in to consideration, its logical that an efficient transfers process is central to improving the customer experience and building confidence in your services and products.

Options Transfers is the industry’s only complete transfers service and it is trusted by 49 brands. Since its launch it has revolutionised the way transfers are conducted. Run by Origo, the service has continued to be developed to meet ever growing industry needs while still being easy to set-up and use. Today the service orchestrates the transfer of all asset types, whether that be in cash or the re-registration of assets, including Pensions, ISAs, GIAs, Bonds, SIPPs and more.

Having the ability to do everything in one place means your employees have a system and process they are comfortable with and your customers receive an improved, speedy and efficient service. This will go some way towards helping to sustain and build customer confidence while providing them with the service they deserve.

So whether you believe your customers are clients, consumers, civilians or muggles at the end of the day we are all deserving of a good quality service that enables the safe and secure movement of money without fuss.

Another area which could benefit from the ‘Tommy Cooper’ approach, and perhaps a little transfers magic dust, is the financial industry’s pensions transfer process outside of the Options Transfers service. It’s no secret that Origo’s Options Transfers service has transformed cash and asset transfers across the industry, reducing transfer times by up to 80%. What is new is how a part of Options Transfers is helping those who are not yet on the service.

Options Transfers is the pensions transfers service for our industry but for the proportion of the industry outside the Options Transfer community, the process of issuing, chasing and collecting discharge and lifetime allowance forms can be laborious and time consuming.

To further help the industry achieve fast pension transfers, we’ve now published our Common Declarations which form a part of our award-winning Options Transfers service. These Declarations were developed and agreed by over 45 financial brands and today they are used to complete over 40,000 transfers every month. They provide a common set of wording to be used on application forms; removing the need for discharge and lifetime allowance forms. This removal of paperwork helps organisations speed up this particular part of their paper-based transfer process.

The Common Declarations won’t completely resolve the issues and time delays in manual, paper-based transfers but they will help organisations take a step towards speeding them up. By enabling parties to capture this information, any time spent chasing and processing the forms is saved.

'Not like that - like that!'

The publishing of the Common Declarations has been welcomed by many in the industry, but the real issue is how to remove or replace these manual, paper-based transfer processes with more efficient, automated ones. Manual processes are often costly, labour intensive and time consuming, and in this digital, customer centric age it is vital to ensure streamlined, secure processes are in place to enable a quick, efficient service. Automating the transfer process may seem daunting, but really, it couldn’t be simpler.

As an industry body we develop and design solutions and services which solve common, industry wide problems. When the issue of slow, cumbersome manual pension transfer processes first arose we developed our Options Transfers service which helped the industry solve this problem. Today, the award-winning service is used and trusted by over 45 financial brandsand has successfully reduced transfer times from months to just a handful of days.

With over 5 years’ experience of successfully running and managing the industry’s transfers service, combined with our unique ability to foster industry collaboration enables us to help organisations find the right solution for their needs. Our publication of the Common Declarations will play a role in helping to improve the processing time for paper-based transfers, but if you are interested in more efficient online transfers perhaps it’s time you started talking about automation.

We’re here and ready to help you work towards speedier transfers so that your pension transfer process will happen the way Tommy Cooper intended - just like magic!

Wouldn’t it be great if everything happened the way Tommy Cooper intended...’Jus’ like that’. A little magic dust here, a spot of ‘abracadabra’ there and ‘ta dah’ you’re done! Of course there is no quick, magical way to make things happen the way they need to. But there are ways of working smarter to improve efficiency and help systems and processes work better so things appear to be working like magic.

Origo Standards were launched over 20 years ago and they quickly established a simple and effective way for financial systems to link together. This standard way of connecting also ensures data moving between systems isn’t lost or corrupted so that processes such as quotes, valuations and new business submissions are conducted efficiently, securely and smoothly.

Since their launch over 20 years ago Origo Standards have come a long way and the recent publication of ‘Phase 2’ of our Pre-population and Re-population Standard, which is part of our Flexible Integration Toolkit (FIT), is proof of this. This Standard, first launched last year (2012), helps data to be collected, edited and added to along its journey, effectively reducing rekeying so time is saved and errors are reduced for all parties.

Phase 2 of this Standard now incorporates even more data patterns including bank accounts, illustrations, remuneration and more. These additional data patterns make the Pre-population and Re-population Standard even more powerful, providing you with further building blocks which can be used to define and create a secure pathway for your customers data.

Today the ability to securely gather, move and receive customer data is now more essential than ever. Our Standards will help you simply and successfully manage the flow of data as well as those vital trading links between your partners.

Of course, advisers and their clients might not know an Origo Standard is being used to move this data but they will realise the benefits as much as the platform, provider or software provider that has implemented the Origo Standard. Helping you establish leaner, speedier processes, so whether you’re setting up new business or creating quotations you can be confident that Origo Standards will help it all happen ‘Jus’ like that!’.

There have been numerous cases of high profile loss of customer data, or electronic exposure of that data, in the past 2 years including global names like Sony, as well as several UK county councils. These have resulted in, not only large fines, but also reputational damage to the company or organisation involved.

These cases have served to make financial advisers and consumers increasingly aware of the threat to their personal and private information when being handled by the companies they deal with. Especially if those details are being sent from one company to another in order to complete a transaction.

As greater emphasis is being placed on data protection it comes as no surprise that the maximum fine the Information Commissioners Office (ICO) is able to issue may increase. It’s likely that from 2014 new proposals could see organisations that breach data protection regulation open to fines of up to 2% of their global turnover.

This is a massive increase from the previous maximum fine of £500,000, which reflects the greater importance legislators and regulators are placing on the protection of consumers’ personal data.

Every organisation is responsible for the data it holds, sends and receives, and ensuring it is protected and dealt with properly. But effective data protection is more than just deploying a range of measures to protect the data on the servers on their own premises such as firewalls and anti-virus software; it also affects emails. It is very easy to believe that emails are secure as they travel from one server to another but in fact, this is when they are at their most vulnerable. From the time an email is sent until the point at which it arrives at its destination, it travels along a web of public, unprotected and insecure networks. This leaves it open to electronic eavesdropping, snooping and theft.

If we consider the volume of personal data that is transmitted via email between financial advisers, platforms and product providers on a daily basis, for example, it is easy to see how a client’s personal details or a company’s private information could be exposed in this way.

Encrypting emails can prevent unauthorised access. But with several solutions out there, which do you choose? When you boil it down you really need an encryption solution which is scalable, fast to deploy, and most importantly easy for users of all abilities as well as providing a high level of security.

Identity Based Encryption (IBE) stands out as providing an easy-to-use, scalable solution meeting the high level of security needed, especially when dealing with client data, by ensuring that the email cannot be read by anyone except the intended recipient.

Unipass Securemail, developed with Trend Micro, one of the largest global internet security companies, delivers a user-friendly IBE solution with military strength NIST (National Institute of Standards and Technology) security.

An early adopter of Unipass Securemail was Scottish Life who recognised that while it had robust security measures in place to protect its own systems, it also needed to ensure the protection of the information that was being transmitted to advisers in and out of the company via email each and every day.

The chosen solution needed to be adviser focused, flexible, scalable, easy-to-use and value for money. Scottish Life extensively and thoroughly trialed Unipass Securemail before selecting it for roll out internally and to all its adviser user community.

Describing the process Keith MacPherson, Head of Marketing Development, Scottish Life, said: “We were looking for a solution that solved the issues of data protection and was easy for advisers to use and simple to integrate with our existing systems. We chose Unipass Securemail as it ticked all the boxes. The service, help and support from Origo has been great, as they provide a friendly and efficient service for both advisers and us.”

The more information we send electronically via email the more chance there is that at some point the data will be misdirected, lost or intercepted. Adoption of Unipass Securemail ensures only those intended to read the email can actually do so, significantly reducing the threat to personal and commercial data and to an organisation’s business flow and reputation.

Over 70,000 users are already registered on the service, when will you be joining them?

The introduction of pension auto enrolment has brought to the fore the issues around the ability to transfer small pension pots between provider companies when people change their employment.

Labour mobility is now an essential part of the UK economy and anecdotal evidence suggests that people may not only change job on a more regular basis than was perhaps the case 10-20 years ago but could change career 2-3 times in their working lives.

Accordingly, the ability of people to carry pension arrangements with them when they change employer rather than freeze the pension, as often happened in the past, with all the additional administration and cost involved, has become a more pressing issue.

Origo responded to the issue by launching the Options Transfers service in 2008. Since launch to November 2012 Options has transferred over £26bn in pension money between providers for the end customer. The figures below show the percentage of pension-to-pension transfers that fall within the small pot category.

Pension to Pension Transfers

2012

2011

2010

Average ceding pot (£000)

44

41

43

Under £5k (%)

14

14

13

Under £10k (%)

26

26

25

Under £20k (%)

44

45

44

The pension to annuity transfers, i.e. those using the cash from their pension to purchase a lifetime income reveal a similar picture.

Pension to Annuity Transfers

2012

2011

2010

Average ceding pot (£000)

35

35

32

Under £5k (%)

11

11

11

Under £10k (%)

23

23

24

Under £20k (%)

45

46

48

Significantly, Options has experienced a 42% rise in transfers in the past year. This reflects both the growth in the number of major companies using the service and the greater use of Optionsby all users as the market has opened up more widely to transfer of business, resulting in this substantial organic growth.

The industry needs to have confidence in its technology services that ultimately affect the service provided to the end customer and the fact that Options Transfers handled that substantial 42% increase in volumes without impact to the end customer is a clear demonstration of just how robust and scalable it is as a system.

As an organisation that quite literally joins the electronic dots between various parts of the industry, in particular between providers, platforms and financial adviser firms, Origo is fortunate to be in a position to foresee and so work to provide solutions to common, key issues in the market.

One area, that in 2012 we raised as a pressing issue, was the re-registration of assets between SIPP platforms. Our White Paper issued in October 2012, highlighted just how far away the industry was from being able to effect efficient re-registration.

Of course, the SIPP market is far more complicated than many others because of the wide range of assets that can be held within the wrappers, coupled with the variations in the liquidity of those assets, and this creates obvious problems for providers when they receive a request for a transfer.

However, this is an area that can be dramatically improved by the implementation of efficient technology. We have worked to build an addition to our well-established ‘plug and play’ solution that platforms and providers can adopt both quickly and easily to demonstrably reduce transfer times for a range of assets including; SIPPs, ISAs, GIAs and more. This service enables firms to get on with running the other parts of their business, providing peace of mind that this particular RDR and TCF issue has been ticked off.

There are three drivers that are set to put this area of the market more intensely under the spotlight in 2013.

1. FSA Intentions: The FSA’s intention to focus on ensuring a better outcome for consumers needing to transfer cash and assets between providers. 2. Market Developments & Competition: There is potential growth in the retirement market itself (Auto Enrolment etc). We’re also experiencing increasing competition between platforms and providers, and a company’s standard of service is a core differentiator. 3. The RDR: Lastly, we are due to see an increase in asset transfers as the financial advice market adjusts to the new RDR landscape. There has already been a flurry of merger and acquisition activity in the adviser market since the New Year that, inevitably, will demand transfers of assets between SIPPs and platforms as firms shift clients to their preferred platforms /providers.

So it is no surprise that leading SIPP providers and platforms are already moving to employ automated asset transfer and re-registration capabilities, not least as a means to create clear blue water between themselves and their rivals.

Before Christmas we announced that AJ Bellwas one of the many major platforms to join Origo’s Options Transfers Re-registration service, and hot on their heels is Curtis Banks - another major SIPP provider wanting to benefit from an industry tried and trusted service.

It’s clear to see that the need for an experienced, low-risk, wide coverage transfers solution is essential to help our industry join the dots.

If you are a platform or SIPP provider and would like to know more about Origo’s Options Transfers service, please take a look at the re-registration section of our website or call us on 0131 451 5181.

As we welcome a new year and begin to get settled in and get back to ‘normal’ we all know that the times that lie ahead will be anything but ‘normal’ especially as the RDR hangovers start to settle in. Platforum’s, Holly Mackay, stated that ”...as we head into 2013, it feels as though no-one is actually quite sure what is going to happen!” and for many that will be the case. With some restructuring and the FCA taking the reins - 2013 will bring significant challenges for a range companies and for some there will be some catching up to do in the first half of the year.

The RDR demanded attention from various departments and resources within organisations in the run-up to 2013. So last year, there was an element of fumbling in the dark when it came to addressing certain RDR issues such as Asset Re-registration - where the FSA mandated that it is to happen “in a timely manner”. As our pension and investment industry continues to grow, the issue of being able to efficiently re-register assets also gets bigger. And as the light shining on our industry becomes ever brighter customers, advisers, regulators and others expect a level of service which can only be managed by effective management of assets including the ability to transfer efficiently.

As the industry’s eCommerce body, we work with the industry to bring solutions that not only solve regulatory commitments, but which also ensure trading relationships between platforms, providers and advisers are more efficient. Our range of services includes Options Transfers- a tried and trusted industry solution for the efficient transfer of pensions. As an award-winning transfers service, we also developed the addition of Options Re-registration which enables re-registration of assets including SIPPs, ISAs, GIAs and more. But our commitment to assisting you with RDR doesn’t just end here.

Our longest standing service – Origo Standards - provides the backbone for industry secure messaging, enabling information to move smoothly from one party to another in a compliant and efficient manner. Established in 1989, Origo Standards have continued to be developed and adapted as the industry evolves. Most recently we launched our Remuneration Statement Standard. Designed to specifically address the changed remuneration structure brought about by the RDR, it enables advisers to match each and every individual payment.